I am working on a java script based application where I need to validate the username text box then what are all the symbols I should avoid in order to block cross side scripting using REGEX
For just a username you should maybe accept only alphanumeric chars, something like:
~^[a-z0-9_.-]+$~i
[EDIT] to add explanations:
~: delimiter but in JS you will need / to delimit insteadi: case insensitive flag^: match beginning of string$: match end of string[]: match characters in between those bracketsa-z: is a to z range0-9: 0 to 9 range_.-: also accepts those chars+: is to allow this pattern 1 or more times